Cybersecurity — Threats & Defenses

For each threat, identify the defense or defenses that best protect against it — and be ready to explain why that defense works. Some threats have more than one good defense. Some defenses work against multiple threats. At least one threat is best stopped by something that isn't software at all.

Threats

  • Virus Inserts into existing programs; runs when the host runs
  • Worm Autonomous; spreads itself across networks
  • Trojan Horse Disguised as something desirable; user installs it
  • Spyware Secretly collects and reports your activity
  • Phishing Impersonates a trusted source to get your information
  • DoS / DDoS Floods a target with requests to overwhelm it
  • Spam Bulk unwanted email; often a delivery vehicle for other attacks

Defenses

  • Firewall Filters traffic at a gateway or individual machine
  • Antivirus software Detects and removes known infections
  • Spam filter Blocks unwanted email before it reaches the user
  • Proxy server Acts as intermediary; hides internal network details
  • Auditing software Monitors traffic patterns; detects anomalies early
  • Encryption Makes data unreadable to anyone without the key
  • User behavior Skepticism, caution, not opening unknown attachments

Virus

Primary: Antivirus software (designed exactly for this)
Secondary: Firewall (can block infected files coming in), User behavior (don't open unknown attachments)
Note: Auditing software can detect unusual activity caused by a virus after the fact

Worm

Primary: Firewall (can block the self-propagating traffic), Antivirus software
Secondary: Security updates / patching (worms often exploit known vulnerabilities — the reading mentions this)
Note: User behavior matters less here since worms spread without user action — that's a meaningful distinction worth surfacing

Trojan Horse

Primary: User behavior (the user has to willingly install it — this is the most important defense), Antivirus software (if it recognizes the signature)
Secondary: Spam filter (Trojans often arrive as email attachments)
Note: A firewall won't help much — the user is inviting it in

Spyware

Primary: Antivirus software (many products specialize in spyware specifically), Firewall (can block the clandestine server spyware uses to send data out — the reading makes this point explicitly)
Secondary: Proxy server (hides internal network details that spyware might report)
Note: This is one where the reading gives a specific and somewhat surprising answer about firewalls — worth highlighting

Phishing

Primary: User behavior (the only truly reliable defense — no software stops a determined user from entering their own password)
Secondary: Spam filter (can block phishing emails before they arrive)
Note: This is the "at least one threat is best stopped by something that isn't software" answer on the projection. Firewall does NOT reliably stop it. Antivirus doesn't prevent it, only catches attachments after the fact.

DoS / DDoS

Primary: Firewall (can block traffic from known attacking addresses — the reading says this explicitly)
Secondary: Auditing software (detects the anomalous traffic spike early, before it becomes catastrophic)
Note: No defense fully prevents a large DDoS — the distributed nature is designed to overwhelm any single point of defense. This is worth naming honestly.

Spam

Primary: Spam filter (purpose-built for exactly this)
Secondary: User behavior (not clicking links or attachments in spam)
Note: Spam is somewhat the odd one out — it's less a direct attack than a delivery mechanism for other attacks. The reading frames it this way.

Additional Notes